Mobile applications: Analyzing private data leakage using third party connections

In previous few years, an incredible growth is witnessed in the popularity and pervasiveness of smart phones. It has also seen that new mobile applications are built day by day. These applications provide users functionality like social networking applications, games, and many more. Some of the mobile applications might be having a direct purchasing cost or be free but having an ad-support for revenue and in return these applications provide users' private data to ad provider with or without users' consent. Worryingly, some of ad libraries ask for permissions beyond the requirement and additional ones listed in their documentation. Some applications also track users by a network sniffer across ad providers and its applications. It is often ineffective at conveying meaningful, useful information on how a user's privacy might be impacted by using an application. Here in this paper, we have examined the effect on user privacy of some grossing Android applications that transmit private data of user without their permission. Using third party connections that an app makes, we defined the legitimacy of application. Also we observed some other parameter to check whether an app is stealing users' private information.

[1]  Xuxian Jiang,et al.  Unsafe exposure analysis of mobile in-app advertisements , 2012, WISEC '12.

[2]  Byung-Gon Chun,et al.  TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones , 2014, Commun. ACM.

[3]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[4]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[5]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[6]  Byung-Gon Chun,et al.  Vision: automated security validation of mobile apps at app markets , 2011, MCS '11.

[7]  Yuan Zhang,et al.  AppIntent: analyzing sensitive data transmission in android for privacy leakage detection , 2013, CCS.

[8]  Hao Chen,et al.  Investigating User Privacy in Android Ad Libraries , 2012 .

[9]  Zhuoqing Morley Mao,et al.  AppProfiler: a flexible method of exposing privacy-related behavior in android applications to end users , 2013, CODASPY.

[10]  Artem Starostin,et al.  A framework for static detection of privacy leaks in android applications , 2012, SAC '12.

[11]  Sahin Albayrak,et al.  Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications , 2011, 2011 6th International Conference on Malicious and Unwanted Software.